Description
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
References
- Mailing List
- Product, Release Notes
Vulnerable configurations
Configuration 1
Versions from 2.4.17 (inclusive) to 2.4.59 (exclusive)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Configuration 2
One of
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
EPSS
Percentile: 100%
0.90356
Critical
7.5 High
CVSS3
Weaknesses
CWE-770
Related vulnerabilities
CVSS3: 7.5
ubuntu
about 1 year ago
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
CVSS3: 7.5
redhat
about 1 year ago
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
CVSS3: 7.5
debian
about 1 year ago
HTTP/2 incoming headers exceeding the limit are temporarily buffered i ...